docker
/
docs
mirror of https://github.com/docker/docs.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
850 Commits 25 Branches 28 Tags 827 MiB
Commit Graph

138 Commits

Author SHA1 Message Date
Nathan McCauley 1421f47258 keystore caching 
Signed-off-by: Nathan McCauley <nathan.mccauley@docker.com>
 2015-07-20 13:34:11 -07:00
Derek McGowan c35c1ea254 Move passphrase logic to its own package 
The logic to retrieve passphrase is generic and may be used by directly by clients.

Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
 2015-07-20 13:02:05 -07:00
Diogo Monica f3a7fdf211 Removing doubling of string in test 
Signed-off-by: Diogo Monica <diogo@docker.com>
 2015-07-20 11:42:10 -07:00
Nathan McCauley 6b23e7d249 review feedback 
Signed-off-by: Nathan McCauley <nathan.mccauley@docker.com>
 2015-07-20 11:10:13 -07:00
Nathan McCauley f07876602f add test for passphraseRetriever 
Signed-off-by: Nathan McCauley <nathan.mccauley@docker.com>
 2015-07-20 11:00:24 -07:00
Nathan McCauley 0642da80f1 review feedback 
Signed-off-by: Nathan McCauley <nathan.mccauley@docker.com>
 2015-07-20 11:00:24 -07:00
Nathan McCauley 38fe6bd45b gofmt across the baord 
Signed-off-by: Nathan McCauley <nathan.mccauley@docker.com>
 2015-07-20 11:00:24 -07:00
Nathan McCauley de6f65b7e7 many testing fixups to support key aliasing 
Signed-off-by: Nathan McCauley <nathan.mccauley@docker.com>
 2015-07-20 11:00:22 -07:00
Nathan McCauley f239757dfd keystore aliasing, take 2 
Signed-off-by: Nathan McCauley <nathan.mccauley@docker.com>
 2015-07-20 10:58:20 -07:00
Nathan McCauley 5df1eb21f3 keystore aliasing, take 1 
Signed-off-by: Nathan McCauley <nathan.mccauley@docker.com>
 2015-07-20 10:58:20 -07:00
Nathan McCauley 23b7e8c6af Update keyfilestore to use passwordRetriever 
Signed-off-by: Nathan McCauley <nathan.mccauley@docker.com>
 2015-07-20 10:58:16 -07:00
Diogo Monica 3b261e8972 Removing comments 
Signed-off-by: Diogo Monica <diogo@docker.com>
 2015-07-20 10:08:15 -07:00
Diogo Monica 1e9365a384 Addressed small nits 
Signed-off-by: Diogo Monica <diogo@docker.com>
 2015-07-19 13:43:54 -07:00
Diogo Monica cf9e6499e1 Addressing comments 
Signed-off-by: Diogo Monica <diogo@docker.com>
 2015-07-19 01:45:43 -07:00
Diogo Monica 2eb77d3334 Removed organization from certificates and added tests for x509utils 
Signed-off-by: Diogo Monica <diogo@docker.com>
 2015-07-18 21:48:53 -07:00
Diogo Monica 97a2d30d99 Fixed bug with RemoveCert 
Signed-off-by: Diogo Monica <diogo@docker.com>
 2015-07-18 01:42:19 -07:00
Diogo Monica e3591c0b10 Added new helper functions 
Signed-off-by: Diogo Monica <diogo@docker.com>
 2015-07-18 01:40:32 -07:00
Diogo Mónica 2b7682c323 Merge pull request #82 from docker/new-unit-tests 
New unit tests
 2015-07-17 18:24:35 -07:00
Aaron Lehmann f5d1a1fbf5 Add test coverage for KeyMemoryStore (and by extension, MemoryFileStore) 
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
 2015-07-17 16:45:36 -07:00
Diogo Monica 00f8f56942 Cosmetic code changes 
Signed-off-by: Diogo Monica <diogo@docker.com>
 2015-07-17 14:33:06 -07:00
Diogo Monica 4c805611d0 Adding more error types and being extra careful with checks 
Signed-off-by: Diogo Monica <diogo@docker.com>
 2015-07-17 14:33:06 -07:00
Diogo Monica 945691912a Added error type to X509FileStore 
Signed-off-by: Diogo Monica <diogo@docker.com>
 2015-07-17 14:33:05 -07:00
Diogo Monica 2c9a0d6331 Adding tests to RemoveAll in X509Stores 
Signed-off-by: Diogo Monica <diogo@docker.com>
 2015-07-17 14:31:43 -07:00
Diogo Monica 3ec4f1d7f4 Adding RemoveKey and Test 
Signed-off-by: Diogo Monica <diogo@docker.com>
 2015-07-17 14:31:43 -07:00
Diogo Monica f5873eef8c Adding RemoveAll to X509FileStore and correcting functions caller 
Signed-off-by: Diogo Monica <diogo@docker.com>
 2015-07-17 14:31:43 -07:00
Diogo Monica 5a77976901 Rebasing from master 
Signed-off-by: Diogo Monica <diogo@docker.com>
 2015-07-17 14:31:43 -07:00
Diogo Monica 58e6544d0a Adding Cert retrieval by common name, and renaming KeyID to CertID 
Signed-off-by: Diogo Monica <diogo@docker.com>
 2015-07-17 14:28:30 -07:00
Diogo Monica 0313aa5958 Adding parsing of multiple certificates, and leaf cert filtering methods 
Signed-off-by: Diogo Monica <diogo@docker.com>
 2015-07-17 14:28:30 -07:00
Aaron Lehmann d2ea9cc0d5 Updates to notary for gotuf's split of PublicKey and PrivateKey interfaces 
Functions should now take data.PublicKey or data.PrivateKey instead of
data.Key.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
 2015-07-17 11:35:22 -07:00
Nathan McCauley 88e7346782 Merge pull request #71 from docker/unify-cryptoservice 
Unify cryptoservice
 2015-07-17 11:10:59 -07:00
Aaron Lehmann 125d72fd77 Big refactor to make signer use cryptoservices 
- Add MemoryFileStore, a partial FileStore implementation that doesn't
  persist on disk.

- Create a KeyStore interface that allows pluggable key store types. Use
  this interface in the cryptoservice implementation.

- Add KeyMemoryStore, which uses MemoryFileStore to provide a KeyStore.

- Add GetKey and DeleteKey functions to cryptoservice.CryptoService.

- Refactor the hardware RSA signing service as a CryptoService.

- Replace custom ed25519 code with cryptoservice.CryptoService.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
 2015-07-17 09:33:19 -07:00
Aaron Lehmann f5c1d8dbc9 Add ED25519 support to cryptoservice and x509utils 
Add unit tests for cryptoservice that do sign and verify for all three
supported algorithms.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
 2015-07-16 18:44:44 -07:00
Diogo Mónica 0ed6072a4a Merge pull request #67 from docker/adding-certs 
Adding new certificates
 2015-07-15 22:35:54 -07:00
Diogo Monica 3d58e6b810 Added tests for x509Filestore 
Signed-off-by: Diogo Monica <diogo@docker.com>
 2015-07-15 19:57:48 -07:00
Diogo Monica d743dfac6e Fixed config files and trust manager tests to point at new fixtures 
Signed-off-by: Diogo Monica <diogo@docker.com>
 2015-07-15 19:46:57 -07:00
Diogo Monica 76d81563b3 Simplifying AddCertFromPEM to use help functions 
Signed-off-by: Diogo Monica <diogo@docker.com>
 2015-07-15 19:44:37 -07:00
Aaron Lehmann 20633e3e12 Make FileStore only allow operations on files inside the store 
Paths that abuse .. shouldn't be able to escape from the filestore. This
is especially important when importing keys from zip files that could
have "creative" paths encoded in the zip.

Add test coverage for this protection.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
 2015-07-15 17:14:56 -07:00
Aaron Lehmann 878a8a083d Add ExportAllKeys function 
This allows all keys to be exported to a zip file. Keys that were
already encrypted are kept as-is, and keys that weren't encrypted are
encrypted with the specified passphrase.

Also add a unit test that creates the zip file and checks the expected
keys all exist, and are all encrypted with the expected passphrase.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
 2015-07-15 17:14:49 -07:00
Diogo Monica 765a2cf661 Refactor crypto service 
Signed-off-by: Diogo Monica <diogo@docker.com>
 2015-07-13 13:53:47 -07:00
Diogo Monica 1f5d935cc8 Fixing lint 
Signed-off-by: Diogo Monica <diogo@docker.com>
 2015-07-12 22:51:27 -07:00
Diogo Monica 1a054d7741 Small nits 
Signed-off-by: Diogo Monica <diogo@docker.com>
 2015-07-12 22:21:29 -07:00
Diogo Monica ba94fdd19d Signature/key types are now used correcty and are represented by constants. 
Signed-off-by: Diogo Monica <diogo@docker.com>
 2015-07-12 22:21:29 -07:00
Diogo Monica 085c613527 Refactored fingerprint cert and added better debugging 
Signed-off-by: Diogo Monica <diogo@docker.com>
 2015-07-12 22:21:29 -07:00
Diogo Monica 39482c2397 Working ECDSA implementation 
Signed-off-by: Diogo Monica <diogo@docker.com>
 2015-07-12 22:21:29 -07:00
Diogo Monica 43d0ec8a75 Initial ECDSA trustmanager methods 
Signed-off-by: Diogo Monica <diogo@docker.com>

Splitting CryptoService into ECDSA and RSA cryptoservices

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>

Working ECDSA support

Signed-off-by: Diogo Monica <diogo@docker.com>
 2015-07-12 22:21:29 -07:00
Diogo Monica 1ae9cf057e Removing dangling temp test directories 2015-07-09 21:03:54 -07:00
Diogo Monica 06a28c89ee Added root key creation if non-existing to notary 
Signed-off-by: Diogo Monica <diogo@docker.com>
 2015-07-09 18:56:06 -07:00
Diogo Monica 682e7ea00b Fixing lint 
Signed-off-by: Diogo Monica <diogo@docker.com>
 2015-07-09 17:58:55 -07:00
Diogo Monica d7999b6cdc Fixing stat and error checking for x509filestore 
Signed-off-by: Diogo Monica <diogo@docker.com>
 2015-07-09 17:58:47 -07:00
Diogo Monica 8c6de46aca Added list keys that ignores symlinks 2015-07-09 17:58:10 -07:00
Diogo Monica 4635bed2db Major refactor of keys 
Signed-off-by: Diogo Monica <diogo@docker.com>
 2015-07-09 17:58:10 -07:00
Aaron Lehmann 4f6b2da44d Add TestValidateRootKey, validates presence of x509 cert in root.json 2015-07-09 17:58:09 -07:00
Diogo Monica f9f11e5781 Starting the key refactor; rename UnlockedRootKey 
Signed-off-by: Diogo Monica <diogo@docker.com>
 2015-07-09 17:58:09 -07:00
Aaron Lehmann e7462dcdad Write test for FileStore's Link method 
Also remove debugging print statements from the Link method.
 2015-07-09 17:58:09 -07:00
Diogo Monica f4e1d3e932 Changing hardlink to symlink 
Signed-off-by: Diogo Monica <diogo@docker.com>
 2015-07-09 17:58:09 -07:00
David Lawrence 1d163650a3 changelist implementation 
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)

Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
 2015-07-09 17:58:09 -07:00
David Lawrence 9d5e988586 working refactor 
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
 2015-07-09 17:58:08 -07:00
David Lawrence 21d45a0f8d IDs for root are now correct 
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
 2015-07-09 17:58:08 -07:00
Diogo Monica e66dc12eca More refactor 2015-07-09 17:58:08 -07:00
Diogo Monica 1346296869 Initial libnotary refactor 
Signed-off-by: Diogo Monica <diogo@docker.com>

Ported more functionality to libnotary
 2015-07-09 17:57:48 -07:00
Diogo Monica bddf2e1636 Fixing small nit 
Signed-off-by: Diogo Monica <diogo@docker.com>
 2015-07-05 22:47:08 -07:00
Diogo Monica d5cdeb93bb Adding EncryptedFileStore and changing interfaces 
Signed-off-by: Diogo Monica <diogo@docker.com>
 2015-07-05 21:02:16 -07:00
Diogo Monica fd8471038c Added a keyfilestore with encrypted PEM support 2015-07-04 12:17:54 -07:00
David Lawrence 89379a728c adding timestamping and some general cleanup 
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
 2015-07-03 15:38:09 -07:00
Diogo Mónica 66aec225f2 Merge pull request #8 from docker/validate_root 
validate root file against cert store
 2015-07-03 14:23:25 -07:00
Diogo Monica 4c06233840 Fixed small nit 
Signed-off-by: Diogo Monica <diogo@docker.com>
 2015-07-03 14:14:52 -07:00
Diogo Monica 1eb972a820 Changed FingerprintCert to return string; renamed kID fingerprint everywhere in notary 
Signed-off-by: Diogo Monica <diogo@docker.com>
 2015-06-30 21:44:57 -07:00
Diogo Monica a0e63bcaeb Fixed verification to use exact match and fallback to CA + tests 
Signed-off-by: Diogo Monica <diogo@docker.com>
 2015-06-30 19:38:52 -07:00
Diogo Monica cf3d7d4b52 Removed all references of GUN from filestore 
Signed-off-by: Diogo Monica <diogo@docker.com>
 2015-06-30 19:36:17 -07:00
David Lawrence cf2a819b21 validate root file against cert store 2015-06-28 16:35:24 -07:00
Diogo Monica 2e96f13ded Addressing all Comments; Renaming ID to CertID 2015-06-21 18:23:43 -04:00
Diogo Monica ac881bb381 Making ListGUN and List DRY 2015-06-21 18:07:52 -04:00
Diogo Monica 09c9099fdf Adding ListGUN to allow listing of specific keys 2015-06-21 15:14:46 -04:00
Diogo Monica eb1da6d5c6 Added delete keys by GUN 2015-06-20 23:31:03 -04:00
Diogo Monica db847379df Major refactor the the FileStore 2015-06-20 23:04:34 -04:00
Diogo Monica 8da91369b8 Added confirmation for trust 2015-06-18 21:32:30 -07:00
Diogo Monica e5dd1721b3 Renamed SKID to kID 2015-06-17 21:11:36 -07:00
Diogo Monica cb6f43e99a Changed universal ID to be TUF, cleaned UI 2015-06-17 20:51:18 -07:00
Diogo Monica 0cb428b071 Changing the path certificates get stored in 2015-06-17 16:15:41 -07:00
Diogo Monica 712ff83945 Added cliCryptoService 2015-06-17 16:05:16 -07:00
David Lawrence 6805f290f0 all vetinari tests pass 2015-06-17 11:28:59 -07:00
Diogo Monica 931c5e2a9b Refactored Add by URL out from X509 Key Stores 2015-06-17 11:13:41 -07:00
Diogo Monica b2a902a953 Made Fingerprinting method Public 2015-06-17 11:13:41 -07:00
Diogo Monica b9dbc9e20a Remove overwrote of SKID on saved certificates 2015-06-17 11:13:41 -07:00
Diogo Monica d39d16a717 Added tests for X509MemStore and fixtures 2015-06-17 11:13:41 -07:00
Diogo Monica 181a453adc Added GetVerifyOptions to KeyStores and better filter for loaded CAs 2015-06-17 11:13:41 -07:00
Diogo Monica c90a362cfe Addressing small comments and nits 2015-06-17 11:13:41 -07:00
Diogo Monica 6ffe6df102 Added trustmanager package and simple CLI 2015-06-17 11:13:40 -07:00